Update to 5.9p1 with sctp patch but this patches may be broken: openssh-5.8p1-hpn13v11.diff.gz openssh-5.8p1+x509-7.0.diff.gz openssh-5.7p1-gsskex-all-20110125.patch Fix: Patch attached with submission follows:
Responsible Changed From-To: freebsd-ports-bugs->bdrewery Over to maintainer (via the GNATS Auto Assign Tool)
State Changed From-To: open->analyzed Will consider adding this when updating to 5.9
Author: bdrewery Date: Wed Apr 17 00:35:31 2013 New Revision: 315920 URL: http://svnweb.freebsd.org/changeset/ports/315920 Log: - Remove compatibiliy for FreeBSD <4.x * /var/empty has been in hier(7) since 4.x * User sshd has been in base since 4.x * Simplify a patch for realhostname_sa(3) usage - Remove SUID_SSH - It was removed from ssh in 2002 - Fix 'make test' - Add some hints into the patches on where they came from - Mirror all patches - Move LPK patch out of files/ - Remove the need for 2 patches * Removal of 'host-key check-config' in install phase * Adding -lutil - Add SCTP support [1] - Remove FILECONTROL as it has not been supported since the 5.8 update - Replace tab with space pkg-descr - Remove default WRKSRC - Add 'configtest' command to rc script - Mark X509 broken with other patches due to PATCH_DIST_STRIP=-p1 PR: ports/174570 [1] Submitted by: oleg <proler@gmail.com> [1] Obtained from: https://bugzilla.mindrot.org/show_bug.cgi?id=2016 (upstream) [1] Feature safe: yes Deleted: head/security/openssh-portable/files/extra-patch-configure head/security/openssh-portable/files/openssh-lpk-5.8p2.patch head/security/openssh-portable/files/patch-Makefile.in Modified: head/security/openssh-portable/Makefile head/security/openssh-portable/distinfo head/security/openssh-portable/files/openssh.in head/security/openssh-portable/files/patch-auth.c head/security/openssh-portable/files/patch-auth1.c head/security/openssh-portable/files/patch-auth2.c head/security/openssh-portable/files/patch-loginrec.c head/security/openssh-portable/files/patch-readconf.c head/security/openssh-portable/files/patch-servconf.c head/security/openssh-portable/files/patch-session.c head/security/openssh-portable/files/patch-ssh-agent.c head/security/openssh-portable/files/patch-ssh.c head/security/openssh-portable/files/patch-ssh_config head/security/openssh-portable/files/patch-ssh_config.5 head/security/openssh-portable/files/patch-sshd.8 head/security/openssh-portable/files/patch-sshd.c head/security/openssh-portable/files/patch-sshd_config head/security/openssh-portable/files/patch-sshd_config.5 head/security/openssh-portable/pkg-descr head/security/openssh-portable/pkg-plist Modified: head/security/openssh-portable/Makefile ============================================================================== --- head/security/openssh-portable/Makefile Tue Apr 16 23:29:04 2013 (r315919) +++ head/security/openssh-portable/Makefile Wed Apr 17 00:35:31 2013 (r315920) @@ -13,8 +13,6 @@ PKGNAMESUFFIX= -portable MAINTAINER= bdrewery@FreeBSD.org COMMENT= The portable version of OpenBSD's OpenSSH -WRKSRC= ${WRKDIR}/${PORTNAME}-${DISTVERSION} - MAN1= sftp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 scp.1 ssh.1 MLINKS= ssh.1 slogin.1 MAN5= moduli.5 ssh_config.5 sshd_config.5 @@ -22,7 +20,12 @@ MAN8= sftp-server.8 sshd.8 ssh-keysign.8 CONFLICTS?= openssh-3.* ssh-1.* ssh2-3.* +# XXX: ports/52706 will allow using DEFAULT,x509,gsskex here. +PATCH_SITES+= http://mirror.shatow.net/freebsd/${PORTNAME}/ \ + http://mirror.shatow.net/freebsd/${PORTNAME}/:x509,gsskex + USE_PERL5_BUILD= yes +USE_AUTOTOOLS= autoconf autoheader USE_OPENSSL= yes GNU_CONFIGURE= yes CONFIGURE_ENV= ac_cv_func_strnvis=no @@ -36,37 +39,46 @@ ETCOLD= ${PREFIX}/etc SUDO?= # empty MAKE_ENV+= SUDO="${SUDO}" -OPTIONS_DEFINE= PAM TCP_WRAPPERS LIBEDIT SUID_SSH BSM KERBEROS \ - KERB_GSSAPI OPENSSH_CHROOT HPN LPK X509 FILECONTROL \ - OVERWRITE_BASE +OPTIONS_DEFINE= PAM TCP_WRAPPERS LIBEDIT BSM KERBEROS \ + KERB_GSSAPI OPENSSH_CHROOT HPN LPK X509 \ + OVERWRITE_BASE SCTP OPTIONS_DEFAULT= LIBEDIT PAM TCP_WRAPPERS TCP_WRAPPERS_DESC= Enable tcp_wrappers support -SUID_SSH_DESC= Enable suid SSH (Recommended off) BSM_DESC= Enable OpenBSM Auditing KERB_GSSAPI_DESC= Enable Kerberos/GSSAPI patch (req: GSSAPI) OPENSSH_CHROOT_DESC= Enable CHROOT support HPN_DESC= Enable HPN-SSH patch LPK_DESC= Enable LDAP Public Key (LPK) patch X509_DESC= Enable x509 certificate patch -FILECONTROL_DESC= Enable file control patch (broken) +SCTP_DESC= Enable SCTP support OVERWRITE_BASE_DESC= OpenSSH overwrite base .include <bsd.port.pre.mk> .if ${OSVERSION} >= 900000 -EXTRA_PATCHES= ${FILESDIR}/extra-patch-configure +CONFIGURE_LIBS+= -lutil .endif .if ${OSVERSION} >= 900007 CONFIGURE_ARGS+= --disable-utmp --disable-wtmp --disable-wtmpx --without-lastlog .endif -.if ${PORT_OPTIONS:MX509} && ${PORT_OPTIONS:MHPN} -BROKEN= X509 patches and HPN patches do not apply cleanly together -.endif +.if ${PORT_OPTIONS:MX509} +. if ${PORT_OPTIONS:MHPN} +BROKEN= X509 patch and HPN patch do not apply cleanly together +. endif -.if ${PORT_OPTIONS:MX509} && ${PORT_OPTIONS:MKERB_GSSAPI} +. if ${PORT_OPTIONS:MKERB_GSSAPI} BROKEN= X509 patch incompatible with KERB_GSSAPI patch +. endif + +. if ${PORT_OPTIONS:MSCTP} +BROKEN= X509 patch and SCTP patch do not apply cleanly together +. endif + +. if ${PORT_OPTIONS:MLPK} +BROKEN= X509 patch and LPK patch do not apply cleanly together +. endif .endif .if defined(OPENSSH_OVERWRITE_BASE) @@ -85,10 +97,6 @@ CONFIGURE_ARGS+= --with-tcp-wrappers CONFIGURE_ARGS+= --with-libedit .endif -.if !${PORT_OPTIONS:MSUID_SSH} -CONFIGURE_ARGS+= --disable-suid-ssh -.endif - .if ${PORT_OPTIONS:MBSM} CONFIGURE_ARGS+= --with-audit=bsm .endif @@ -97,8 +105,8 @@ CONFIGURE_ARGS+= --with-audit=bsm CONFIGURE_ARGS+= --with-kerberos5 LIB_DEPENDS+= krb5.3:${PORTSDIR}/security/krb5 .if ${PORT_OPTIONS:MKERB_GSSAPI} -PATCH_SITES+= http://www.sxw.org.uk/computing/patches/ -PATCHFILES+= openssh-5.7p1-gsskex-all-20110125.patch +PATCH_SITES+= http://www.sxw.org.uk/computing/patches/:gsskex +PATCHFILES+= openssh-5.7p1-gsskex-all-20110125.patch:gsskex PATCH_DIST_STRIP= .endif .if ${OPENSSLBASE} == "/usr" @@ -115,8 +123,8 @@ CONFIGURE_ARGS+= --with-ssl-dir=${OPENSS CFLAGS+= -DCHROOT .endif +# http://www.psc.edu/index.php/hpn-ssh .if ${PORT_OPTIONS:MHPN} -PATCH_SITES+= http://mirror.shatow.net/freebsd/${PORTNAME}/ PATCHFILES+= ${PORTNAME}-5.8p1-hpn13v11.diff.gz PATCH_DIST_STRIP= .endif @@ -125,19 +133,19 @@ PATCH_DIST_STRIP= # and svn repo described here: # http://code.google.com/p/openssh-lpk/source/checkout .if ${PORT_OPTIONS:MLPK} -EXTRA_PATCHES+= ${FILESDIR}/openssh-lpk-5.8p2.patch +PATCHFILES+= ${PORTNAME}-lpk-5.8p2.patch.gz USE_OPENLDAP= yes CPPFLAGS+= -I${LOCALBASE}/include CONFIGURE_ARGS+= --with-ldap=yes \ - --with-libs='-lldap' \ --with-ldflags='-L${LOCALBASE}/lib' \ --with-cppflags='${CPPFLAGS}' +CONFIGURE_LIBS+= -lldap .endif # See http://www.roumenpetrov.info/openssh/ .if ${PORT_OPTIONS:MX509} -PATCH_SITES+= http://www.roumenpetrov.info/openssh/x509-7.0/ -PATCHFILES+= ${PORTNAME}-5.8p1+x509-7.0.diff.gz +PATCH_SITES+= http://www.roumenpetrov.info/openssh/x509-7.0/:x509 +PATCHFILES+= ${PORTNAME}-5.8p1+x509-7.0.diff.gz:x509 PATCH_DIST_STRIP= -p1 PLIST_SUB+= X509="" MAN5+= ssh_engine.5 @@ -145,33 +153,24 @@ MAN5+= ssh_engine.5 PLIST_SUB+= X509="@comment " .endif -# See http://sftpfilecontrol.sourceforge.net/ -.if ${PORT_OPTIONS:MFILECONTROL} -# Latest sftpfilecontrol patch is against 5.4p1 which does not apply -# cleanly against 5.8p2, but it's close. -BROKEN= latest upstream sftp file control public key patch is not up to date for OpenSSH 5.8p2 -EXTRA_PATCHES+= ${FILESDIR}/openssh-${DISTVERSION}.sftpfilecontrol-v1.3.patch +# See https://bugzilla.mindrot.org/show_bug.cgi?id=2016 +.if ${PORT_OPTIONS:MSCTP} +PATCHFILES+= ${PORTNAME}-sctp-2163.patch.gz +CONFIGURE_ARGS+= --with-sctp .endif +EMPTYDIR= /var/empty + .if ${PORT_OPTIONS:MOVERWRITE_BASE} WITH_OPENSSL_BASE= yes CONFIGURE_ARGS+= --localstatedir=/var -EMPTYDIR= /var/empty PREFIX= /usr ETCSSH= /etc/ssh USE_RCORDER= openssh PLIST_SUB+= NOTBASE="@comment " PLIST_SUB+= BASE="" PLIST_SUB+= BASEPREFIX="${PREFIX}" -PLIST_SUB+= ERASEEMPTY="@comment " .else -.if exists(/var/empty) -EMPTYDIR= /var/empty -PLIST_SUB+= ERASEEMPTY="@comment " -.else -EMPTYDIR= ${PREFIX}/empty -PLIST_SUB+= ERASEEMPTY="" -.endif ETCSSH= ${PREFIX}/etc/ssh USE_RC_SUBR= openssh PLIST_SUB+= NOTBASE="" @@ -180,13 +179,16 @@ PLIST_SUB+= BASE="@comment " # After all SUB_LIST+= ETCSSH="${ETCSSH}" -PLIST_SUB+= EMPTYDIR="${EMPTYDIR}" CONFIGURE_ARGS+= --sysconfdir=${ETCSSH} --with-privsep-path=${EMPTYDIR} +.if !empty(CONFIGURE_LIBS) +CONFIGURE_ARGS+= --with-libs='${CONFIGURE_LIBS}' +.endif RC_SCRIPT_NAME= openssh post-patch: @${REINPLACE_CMD} -e 's|-ldes|-lcrypto|g' ${WRKSRC}/configure + @${REINPLACE_CMD} -e 's|install: \(.*\) host-key check-config|install: \1|g' ${WRKSRC}/Makefile.in @${REINPLACE_CMD} -e 's|%%PREFIX%%|${LOCALBASE}|' \ -e 's|%%RC_SCRIPT_NAME%%|${RC_SCRIPT_NAME}|' ${WRKSRC}/sshd.8 @${REINPLACE_CMD} -E -e 's|SSH_VERSION|TMP_SSH_VERSION|' \ @@ -203,10 +205,6 @@ post-patch: .endif pre-su-install: - @${MKDIR} ${EMPTYDIR} - if ! pw groupshow sshd; then pw groupadd sshd -g 22; fi - if ! pw usershow sshd; then pw useradd sshd -g sshd -u 22 \ - -h - -d ${EMPTYDIR} -s /nonexistent -c "sshd privilege separation"; fi .if !exists(${ETCSSH}) @${MKDIR} ${ETCSSH} .endif @@ -224,7 +222,7 @@ post-install: @${CAT} ${PKGMESSAGE} test: build - (cd ${WRKSRC}/regress && ${SETENV} ${MAKE_ENV} TEST_SHELL=/bin/sh \ + (cd ${WRKSRC}/regress && ${SETENV} OBJ=${WRKDIR} ${MAKE_ENV} TEST_SHELL=/bin/sh \ PATH=${WRKSRC}:${PREFIX}/bin:${PREFIX}/sbin:${PATH} \ ${MAKE} ${MAKE_FLAGS} ${MAKEFILE} ${MAKE_ARGS}) Modified: head/security/openssh-portable/distinfo ============================================================================== --- head/security/openssh-portable/distinfo Tue Apr 16 23:29:04 2013 (r315919) +++ head/security/openssh-portable/distinfo Wed Apr 17 00:35:31 2013 (r315920) @@ -6,3 +6,7 @@ SHA256 (openssh-5.8p1+x509-7.0.diff.gz) SIZE (openssh-5.8p1+x509-7.0.diff.gz) = 184277 SHA256 (openssh-5.7p1-gsskex-all-20110125.patch) = bfdc72c3d7d5d4f9f8a78b649988dff8fad780cfa72bad4a69eb94c54de9a359 SIZE (openssh-5.7p1-gsskex-all-20110125.patch) = 91889 +SHA256 (openssh-lpk-5.8p2.patch.gz) = 718221d13a09fdf5be857cc4b349e61698c42ae47bd357bd5c83f331d490c6c7 +SIZE (openssh-lpk-5.8p2.patch.gz) = 17822 +SHA256 (openssh-sctp-2163.patch.gz) = 86ac3a59119c9c26193334d8ba7c3be9f143209080e4f8a2a00577c24c0c9e03 +SIZE (openssh-sctp-2163.patch.gz) = 6764 Modified: head/security/openssh-portable/files/openssh.in ============================================================================== --- head/security/openssh-portable/files/openssh.in Tue Apr 16 23:29:04 2013 (r315919) +++ head/security/openssh-portable/files/openssh.in Wed Apr 17 00:35:31 2013 (r315920) @@ -25,9 +25,11 @@ load_rc_config ${name} : ${openssh_skipportscheck="NO"} command=%%PREFIX%%/sbin/sshd -extra_commands="reload keygen" +extra_commands="configtest reload keygen" start_precmd="${name}_checks" +reload_precmd="${name}_configtest" restart_precmd="${name}_checks" +configtest_cmd="${name}_configtest" keygen_cmd="${name}_keygen" pidfile=${openssh_pidfile:="/var/run/sshd.pid"} @@ -137,6 +139,12 @@ openssh_check_same_ports(){ fi } +openssh_configtest() +{ + echo "Performing sanity check on ${name} configuration." + eval ${command} ${openssh_flags} -t +} + openssh_checks() { if checkyesno sshd_enable ; then @@ -146,7 +154,7 @@ openssh_checks() fi run_rc_command keygen - eval "${command} -t" + openssh_configtest } run_rc_command "$1" Modified: head/security/openssh-portable/files/patch-auth.c ============================================================================== --- head/security/openssh-portable/files/patch-auth.c Tue Apr 16 23:29:04 2013 (r315919) +++ head/security/openssh-portable/files/patch-auth.c Wed Apr 17 00:35:31 2013 (r315920) @@ -1,3 +1,12 @@ +r100838 | fanf | 2002-07-28 19:36:24 -0500 (Sun, 28 Jul 2002) | 7 lines +Changed paths: + M /head/crypto/openssh/auth.c + +Use login_getpwclass() instead of login_getclass() so that the root +vs. default login class distinction is made correctly. + +PR: 37416 + --- auth.c.orig 2010-08-12 11:33:01.000000000 -0600 +++ auth.c 2010-09-14 16:14:12.000000000 -0600 @@ -594,7 +594,7 @@ Modified: head/security/openssh-portable/files/patch-auth1.c ============================================================================== --- head/security/openssh-portable/files/patch-auth1.c Tue Apr 16 23:29:04 2013 (r315919) +++ head/security/openssh-portable/files/patch-auth1.c Wed Apr 17 00:35:31 2013 (r315920) @@ -1,3 +1,20 @@ +r56266 | dinoex | 2002-03-17 14:24:24 -0600 (Sun, 17 Mar 2002) | 4 lines +Changed paths: + M /head/security/hpn-ssh/Makefile + M /head/security/hpn-ssh/files/patch-auth.c + A /head/security/hpn-ssh/files/patch-auth1.c + A /head/security/hpn-ssh/files/patch-auth2.c + M /head/security/hpn-ssh/files/patch-session.c + M /head/security/openssh-portable/Makefile + M /head/security/openssh-portable/files/patch-auth.c + A /head/security/openssh-portable/files/patch-auth1.c + A /head/security/openssh-portable/files/patch-auth2.c + M /head/security/openssh-portable/files/patch-session.c + +Merged patches for HAVE_LOGIN_CAP from stable + +PR: 35904 + --- auth1.c.orig 2010-06-25 18:01:33.000000000 -0600 +++ auth1.c 2010-09-14 16:14:12.000000000 -0600 @@ -40,6 +40,7 @@ Modified: head/security/openssh-portable/files/patch-auth2.c ============================================================================== --- head/security/openssh-portable/files/patch-auth2.c Tue Apr 16 23:29:04 2013 (r315919) +++ head/security/openssh-portable/files/patch-auth2.c Wed Apr 17 00:35:31 2013 (r315920) @@ -1,3 +1,20 @@ +r56266 | dinoex | 2002-03-17 14:24:24 -0600 (Sun, 17 Mar 2002) | 4 lines +Changed paths: + M /head/security/hpn-ssh/Makefile + M /head/security/hpn-ssh/files/patch-auth.c + A /head/security/hpn-ssh/files/patch-auth1.c + A /head/security/hpn-ssh/files/patch-auth2.c + M /head/security/hpn-ssh/files/patch-session.c + M /head/security/openssh-portable/Makefile + M /head/security/openssh-portable/files/patch-auth.c + A /head/security/openssh-portable/files/patch-auth1.c + A /head/security/openssh-portable/files/patch-auth2.c + M /head/security/openssh-portable/files/patch-session.c + +Merged patches for HAVE_LOGIN_CAP from stable + +PR: 35904 + --- auth2.c.orig 2009-06-22 00:11:07.000000000 -0600 +++ auth2.c 2010-09-14 16:14:12.000000000 -0600 @@ -46,6 +46,7 @@ Modified: head/security/openssh-portable/files/patch-loginrec.c ============================================================================== --- head/security/openssh-portable/files/patch-loginrec.c Tue Apr 16 23:29:04 2013 (r315919) +++ head/security/openssh-portable/files/patch-loginrec.c Wed Apr 17 00:35:31 2013 (r315920) @@ -1,26 +1,28 @@ ---- loginrec.c.orig 2010-04-09 02:13:27.000000000 -0600 -+++ loginrec.c 2010-09-14 16:14:12.000000000 -0600 -@@ -179,6 +179,9 @@ - #ifdef HAVE_UTIL_H - # include <util.h> - #endif -+#ifdef __FreeBSD__ -+#include <osreldate.h> -+#endif - - #ifdef HAVE_LIBUTIL_H - # include <libutil.h> -@@ -693,8 +696,13 @@ +r63028 | dinoex | 2002-07-15 15:08:01 -0500 (Mon, 15 Jul 2002) | 6 lines + +- Fix Problem with HAVE_HOST_IN_UTMP +- update monitor.c + +PR: 40576 +Submitted by: lxv@a-send-pr.sink.omut.org + +r99768 | des | 2002-07-11 05:36:10 -0500 (Thu, 11 Jul 2002) | 6 lines + +Use realhostname_sa(3) so the IP address will be used instead of the +hostname if the latter is too long for utmp. + +Submitted by: ru + +--- loginrec.c.orig 2013-04-14 08:28:40.482762815 -0500 ++++ loginrec.c 2013-04-14 08:29:03.723757797 -0500 +@@ -694,8 +694,8 @@ strncpy(ut->ut_name, li->username, MIN_SIZEOF(ut->ut_name, li->username)); # ifdef HAVE_HOST_IN_UTMP -+# if defined(__FreeBSD__) && __FreeBSD_version < 400000 - strncpy(ut->ut_host, li->hostname, - MIN_SIZEOF(ut->ut_host, li->hostname)); -+# else +- strncpy(ut->ut_host, li->hostname, +- MIN_SIZEOF(ut->ut_host, li->hostname)); + realhostname_sa(ut->ut_host, sizeof ut->ut_host, + &li->hostaddr.sa, li->hostaddr.sa.sa_len); -+# endif # endif # ifdef HAVE_ADDR_IN_UTMP /* this is just a 32-bit IP address */ Modified: head/security/openssh-portable/files/patch-readconf.c ============================================================================== --- head/security/openssh-portable/files/patch-readconf.c Tue Apr 16 23:29:04 2013 (r315919) +++ head/security/openssh-portable/files/patch-readconf.c Wed Apr 17 00:35:31 2013 (r315920) @@ -1,3 +1,11 @@ +r99048 | des | 2002-06-29 05:51:56 -0500 (Sat, 29 Jun 2002) | 4 lines +Changed paths: + M /head/crypto/openssh/myproposal.h + M /head/crypto/openssh/readconf.c + M /head/crypto/openssh/servconf.c + +Apply FreeBSD's configuration defaults. + --- readconf.c.orig 2010-08-03 00:04:46.000000000 -0600 +++ readconf.c 2010-09-14 16:14:12.000000000 -0600 @@ -1169,7 +1169,7 @@ Modified: head/security/openssh-portable/files/patch-servconf.c ============================================================================== --- head/security/openssh-portable/files/patch-servconf.c Tue Apr 16 23:29:04 2013 (r315919) +++ head/security/openssh-portable/files/patch-servconf.c Wed Apr 17 00:35:31 2013 (r315920) @@ -1,3 +1,11 @@ +r99048 | des | 2002-06-29 05:51:56 -0500 (Sat, 29 Jun 2002) | 4 lines +Changed paths: + M /head/crypto/openssh/myproposal.h + M /head/crypto/openssh/readconf.c + M /head/crypto/openssh/servconf.c + +Apply FreeBSD's configuration defaults. + --- servconf.c.orig 2010-06-25 17:38:45.000000000 -0600 +++ servconf.c 2010-09-14 16:14:12.000000000 -0600 @@ -139,7 +139,7 @@ Modified: head/security/openssh-portable/files/patch-session.c ============================================================================== --- head/security/openssh-portable/files/patch-session.c Tue Apr 16 23:29:04 2013 (r315919) +++ head/security/openssh-portable/files/patch-session.c Wed Apr 17 00:35:31 2013 (r315920) @@ -1,3 +1,20 @@ +r56266 | dinoex | 2002-03-17 14:24:24 -0600 (Sun, 17 Mar 2002) | 4 lines +Changed paths: + M /head/security/hpn-ssh/Makefile + M /head/security/hpn-ssh/files/patch-auth.c + A /head/security/hpn-ssh/files/patch-auth1.c + A /head/security/hpn-ssh/files/patch-auth2.c + M /head/security/hpn-ssh/files/patch-session.c + M /head/security/openssh-portable/Makefile + M /head/security/openssh-portable/files/patch-auth.c + A /head/security/openssh-portable/files/patch-auth1.c + A /head/security/openssh-portable/files/patch-auth2.c + M /head/security/openssh-portable/files/patch-session.c + +Merged patches for HAVE_LOGIN_CAP from stable + +PR: 35904 + --- session.c.orig 2011-07-21 18:55:33.883559116 +0200 +++ session.c 2011-07-21 19:02:17.789294035 +0200 @@ -896,6 +896,24 @@ Modified: head/security/openssh-portable/files/patch-ssh-agent.c ============================================================================== --- head/security/openssh-portable/files/patch-ssh-agent.c Tue Apr 16 23:29:04 2013 (r315919) +++ head/security/openssh-portable/files/patch-ssh-agent.c Wed Apr 17 00:35:31 2013 (r315920) @@ -1,3 +1,7 @@ +r110506 | des | 2003-02-07 09:48:27 -0600 (Fri, 07 Feb 2003) | 4 lines + +Set the ruid to the euid at startup as a workaround for a bug in pam_ssh. + --- ssh-agent.c.orig 2010-04-15 23:56:22.000000000 -0600 +++ ssh-agent.c 2010-09-14 16:14:13.000000000 -0600 @@ -1086,6 +1086,7 @@ Modified: head/security/openssh-portable/files/patch-ssh.c ============================================================================== --- head/security/openssh-portable/files/patch-ssh.c Tue Apr 16 23:29:04 2013 (r315919) +++ head/security/openssh-portable/files/patch-ssh.c Wed Apr 17 00:35:31 2013 (r315920) @@ -1,6 +1,10 @@ $FreeBSD$ -Make the same change to use the canonical hostname as the base FreeBSD ssh. +r99054 | des | 2002-06-29 05:57:53 -0500 (Sat, 29 Jun 2002) | 4 lines +Changed paths: + M /head/crypto/openssh/ssh.c + +Canonicize the host name before looking it up in the host file. --- ssh.c.orig 2010-08-16 09:59:31.000000000 -0600 +++ ssh.c 2010-08-25 17:55:01.000000000 -0600 Modified: head/security/openssh-portable/files/patch-ssh_config ============================================================================== --- head/security/openssh-portable/files/patch-ssh_config Tue Apr 16 23:29:04 2013 (r315919) +++ head/security/openssh-portable/files/patch-ssh_config Wed Apr 17 00:35:31 2013 (r315920) @@ -1,3 +1,8 @@ +r100678 | fanf | 2002-07-25 10:59:40 -0500 (Thu, 25 Jul 2002) | 5 lines + +Document the FreeBSD default for CheckHostIP, which was changed in +rev 1.2 of readconf.c. + --- ssh_config.orig 2010-01-12 01:40:27.000000000 -0700 +++ ssh_config 2010-09-14 16:14:13.000000000 -0600 @@ -27,7 +27,7 @@ Modified: head/security/openssh-portable/files/patch-ssh_config.5 ============================================================================== --- head/security/openssh-portable/files/patch-ssh_config.5 Tue Apr 16 23:29:04 2013 (r315919) +++ head/security/openssh-portable/files/patch-ssh_config.5 Wed Apr 17 00:35:31 2013 (r315920) @@ -1,3 +1,8 @@ +r100678 | fanf | 2002-07-25 10:59:40 -0500 (Thu, 25 Jul 2002) | 5 lines + +Document the FreeBSD default for CheckHostIP, which was changed in +rev 1.2 of readconf.c. + --- ssh_config.5.orig 2010-08-04 21:03:13.000000000 -0600 +++ ssh_config.5 2010-09-14 16:14:13.000000000 -0600 @@ -164,7 +164,7 @@ Modified: head/security/openssh-portable/files/patch-sshd.8 ============================================================================== --- head/security/openssh-portable/files/patch-sshd.8 Tue Apr 16 23:29:04 2013 (r315919) +++ head/security/openssh-portable/files/patch-sshd.8 Wed Apr 17 00:35:31 2013 (r315920) @@ -1,3 +1,5 @@ +Document FreeBSD/port-specific paths + --- sshd.8.orig 2010-08-04 21:03:13.000000000 -0600 +++ sshd.8 2010-09-14 16:14:14.000000000 -0600 @@ -70,7 +70,7 @@ Modified: head/security/openssh-portable/files/patch-sshd.c ============================================================================== --- head/security/openssh-portable/files/patch-sshd.c Tue Apr 16 23:29:04 2013 (r315919) +++ head/security/openssh-portable/files/patch-sshd.c Wed Apr 17 00:35:31 2013 (r315920) @@ -1,3 +1,13 @@ +r109683 | des | 2003-01-22 08:12:59 -0600 (Wed, 22 Jan 2003) | 7 lines +Changed paths: + M /head/crypto/openssh/sshd.c + +Force early initialization of the resolver library, since the resolver +configuration files will no longer be available once sshd is chrooted. + +PR: 39953, 40894 +Submitted by: dinoex + --- sshd.c.orig 2010-04-15 23:56:22.000000000 -0600 +++ sshd.c 2010-09-14 16:14:13.000000000 -0600 @@ -83,6 +83,13 @@ Modified: head/security/openssh-portable/files/patch-sshd_config ============================================================================== --- head/security/openssh-portable/files/patch-sshd_config Tue Apr 16 23:29:04 2013 (r315919) +++ head/security/openssh-portable/files/patch-sshd_config Wed Apr 17 00:35:31 2013 (r315920) @@ -1,3 +1,10 @@ +r99051 | des | 2002-06-29 05:55:18 -0500 (Sat, 29 Jun 2002) | 4 lines +Changed paths: + M /head/crypto/openssh/ssh_config + M /head/crypto/openssh/sshd_config + +Document FreeBSD defaults. + --- sshd_config.orig 2009-10-11 04:51:09.000000000 -0600 +++ sshd_config 2010-09-14 16:14:13.000000000 -0600 @@ -36,7 +36,7 @@ Modified: head/security/openssh-portable/files/patch-sshd_config.5 ============================================================================== --- head/security/openssh-portable/files/patch-sshd_config.5 Tue Apr 16 23:29:04 2013 (r315919) +++ head/security/openssh-portable/files/patch-sshd_config.5 Wed Apr 17 00:35:31 2013 (r315920) @@ -1,3 +1,5 @@ +Document defaults + --- sshd_config.5.orig 2010-07-01 21:37:17.000000000 -0600 +++ sshd_config.5 2010-08-31 05:27:27.000000000 -0600 @@ -223,7 +223,9 @@ Modified: head/security/openssh-portable/pkg-descr ============================================================================== --- head/security/openssh-portable/pkg-descr Tue Apr 16 23:29:04 2013 (r315919) +++ head/security/openssh-portable/pkg-descr Wed Apr 17 00:35:31 2013 (r315920) @@ -12,4 +12,4 @@ are not synchronized. Portable releases The official OpenBSD source will never use the 'p' suffix, but will instead increment the version number when they hit 'stable spots' in their development. -WWW: http://www.openssh.org/portable.html +WWW: http://www.openssh.org/portable.html Modified: head/security/openssh-portable/pkg-plist ============================================================================== --- head/security/openssh-portable/pkg-plist Tue Apr 16 23:29:04 2013 (r315919) +++ head/security/openssh-portable/pkg-plist Wed Apr 17 00:35:31 2013 (r315920) @@ -24,7 +24,3 @@ sbin/sshd libexec/sftp-server libexec/ssh-keysign libexec/ssh-pkcs11-helper -@exec if [ ! -d %%EMPTYDIR%% ]; then mkdir -p %%EMPTYDIR%% ; fi -%%ERASEEMPTY%%@dirrm empty -@exec if ! pw groupshow sshd 2>/dev/null; then pw groupadd sshd -g 22; fi -@exec if ! pw usershow sshd 2>/dev/null; then pw useradd sshd -g sshd -u 22 -h - -d %%EMPTYDIR%% -s /nonexistent -c "sshd privilege separation"; fi _______________________________________________ svn-ports-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-ports-all To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"
State Changed From-To: analyzed->closed SCTP support added in r315920. Update to newer version still pending. Thanks!